Defender: Need more information about recommended .htaccess tweaks

Defender recommends that I add some .htaccess files...

but I already have one in place that has been manually customized to protect our site from attacks. Before I say yes to the tweaks suggested by Defender, I need to know what's going to happen. For example....

- what will happen to my own customizations
- will Defender keep a copy of my existing .htaccess and create a new one
- preventing php execution could break there any information about how this works so I can be prepared, or manually do it selectively?


  • Nazmul H. Rupok

    Hi there,

    Hope you are doing well today and thanks for asking. For each setting, Defender will add the relevant code to the .htaccess file if the file already exists. If it doesn't exist, then Defender will create the file with the code. For example, if you enable "Prevent PHP Execution", it will create the .htaccess file under the wp-content directory with the below code:

    ## WP Defender - Protect PHP Executed ##
    <Files *.php>
    Order allow,deny
    Deny from all
    </Files>
    ## WP Defender - End ##

    So if you already have a file there, it will add this code within the file. And if you think the PHP execution tweak is breaking any plugin, just open the .htaccess from the wp-content directory and remove the above code.

    Hope this makes sense. Let me know if you have any other questions on this.

    Have a nice day. Cheers!

  • Paul Kevin

    Hello kalico,

    Hope you are well today.

    - what will happen to my own customizations
    Your customizations will remain intact; Defender will just add more rules to the file. Each new rule added by Defender will be in the ## WP Defender block. So in case of anything, you can always remove the whole code block in the affected .htaccess file.

    - will Defender keep a copy of my existing .htaccess and create a new one
    Defender will only create a new .htaccess file if it does not exist.

    - preventing php execution could break there any information about
    Some plugins need their files to be accessed publicly; that is why, in the recent versions of Defender, we have added an option to exclude certain files from the "Prevent PHP Execution" custom .htaccess file.

    You can define the file names you would like excluded in the text box as attached, each on a new line. For example, if you have a plugin that requires the file name plugin.php to be accessed publicly while keeping other files on lock down, all you need to do is put the path to the file relative to the wp-content directory in the text box or just the name of the file.

    If you have any further questions, kindly let me know and I will do my best to have them answered. Thank you for choosing Defender.

    Warm Regards
    Paul Kevin
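
The replies above say Defender's rules sit between a `## WP Defender - ... ##` line and a `## WP Defender - End ##` line. As an added example (not part of the thread and not Defender's own code), this Python script separates those blocks from your own rules and flags any unclosed `<Files>`-style section; the start-marker pattern, the function names and the sample file are assumptions.

```python
import re

# Markers as quoted in the replies; assumed: the start label varies per tweak.
START = re.compile(r"^\s*## WP Defender - (?!End\b).*##\s*$")
END = re.compile(r"^\s*## WP Defender - End ##\s*$")
OPEN = re.compile(r"^\s*<(\w+)[\s>]")   # e.g. <Files *.php>
CLOSE = re.compile(r"^\s*</(\w+)>")     # e.g. </Files>

# Constructed sample of a wp-content/.htaccess with one custom rule set.
SAMPLE = """\
Options -Indexes
## WP Defender - Protect PHP Executed ##
<Files *.php>
Order allow,deny
Deny from all
</Files>
## WP Defender - End ##
<Files debug.log>
Require all denied
</Files>
"""

def split_htaccess(text):
    """Return (custom_lines, defender_blocks) for one .htaccess file."""
    custom, blocks, current = [], [], None
    for line in text.splitlines():
        if current is None and START.match(line):
            current = [line]
        elif current is not None:
            current.append(line)
            if END.match(line):
                blocks.append(current)
                current = None
        else:
            custom.append(line)
    if current is not None:
        raise ValueError("Defender block has no end marker: " + current[0])
    return custom, blocks

def unclosed_sections(lines):
    """Names of <Section> containers opened but never closed."""
    stack = []
    for line in lines:
        if (m := CLOSE.match(line)) and stack and stack[-1].lower() == m.group(1).lower():
            stack.pop()
        elif m := OPEN.match(line):
            stack.append(m.group(1))
    return stack

if __name__ == "__main__":
    custom, blocks = split_htaccess(SAMPLE)
    print(len(custom), "custom lines;", [unclosed_sections(b) for b in blocks])
```

Run it against a copy of the file taken before enabling a tweak and again afterwards; the custom lines should be identical in both runs, and an unclosed section in any block is worth fixing before the file goes live.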
